agenix: enable agenix

2022-12-18 13:15:40 +01:00 · 2022-12-18 13:15:40 +01:00 · b086356254
commit b086356254
parent 437e0b7194
6 changed files with 52 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@ -2,9 +2,7 @@
  "nodes": {
    "agenix": {
      "inputs": {
-        "nixpkgs": [
-          "nixpkgs-stable"
-        ]
+        "nixpkgs": "nixpkgs"
      },
      "locked": {
        "lastModified": 1665870395,
@ -116,13 +114,13 @@
      "locked": {
        "lastModified": 1671200928,
        "narHash": "sha256-mZfzDyzojwj6I0wyooIjGIn81WtGVnx6+avU5Wv+VKU=",
-        "owner": "nixos",
+        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "757b82211463dd5ba1475b6851d3731dfe14d377",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
@ -144,6 +142,22 @@
        "type": "github"
      }
    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1671200928,
+        "narHash": "sha256-mZfzDyzojwj6I0wyooIjGIn81WtGVnx6+avU5Wv+VKU=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "757b82211463dd5ba1475b6851d3731dfe14d377",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nur": {
      "locked": {
        "lastModified": 1671251299,
@ -165,7 +179,7 @@
        "home-manager": "home-manager",
        "hyprland": "hyprland",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-stable": "nixpkgs-stable",
        "nur": "nur"
      }
--- a/flake.nix
+++ b/flake.nix
@ -31,7 +31,7 @@

      agenix = {
        url = "github:ryantm/agenix";
-        inputs.nixpkgs.follows = "nixpkgs-stable";
+        #inputs.nixpkgs.follows = "nixpkgs-stable";
      };
    };

--- a/hosts/configuration_desktop.nix
+++ b/hosts/configuration_desktop.nix
@ -10,7 +10,7 @@
 #               └─ default.nix
 #

-{ config, lib, pkgs, inputs, user, location, ... }:
+{ config, lib, pkgs, inputs, user, location, agenix, ... }:

 {
  imports =                                 # Import window or display manager.
@ -97,6 +97,7 @@
      dig
      qmk-udev-rules
      gptfdisk
+      agenix.defaultPackage.x86_64-linux
    ];
  };

--- a/hosts/configuration_server.nix
+++ b/hosts/configuration_server.nix
@ -85,6 +85,7 @@
      lm_sensors
      bind
      dig
+      agenix
    ];
  };

--- a/modules/desktop/sway/home.nix
+++ b/modules/desktop/sway/home.nix
@ -105,7 +105,8 @@
        window.commands = [
            { command = "floating enable"; criteria = { class = "Pavucontrol"; }; }
            { command = "floating enable"; criteria = { class = "Galculator"; }; }
-            { command = "floating enable"; criteria = { class = "^Yubi$"; }; }
+            { command = "floating enable"; criteria = { class = "Nitrokey App"; }; }
+            { command = "floating enable"; criteria = { class = "Yubico Authenticator"; }; }
            { command = "floating enable"; criteria = { window_role = "pop-up"; }; }
        ];
        
@ -228,7 +229,7 @@
      export VDPAU_DRIVER="iHD";
      export XDG_SESSION_TYPE="wayland";
      export XDG_CURRENT_DESKTOP="sway";
-      #export QT_QPA_PLATFORMTHEME="wayland-egl";
+      export QT_QPA_PLATFORMTHEME="wayland-egl";
      export GST_VAAPI_ALL_DRIVERS="1";
      export GTK_THEME="Arc";
      export _JAVA_AWT_WM_NONREPARENTING="1";
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,25 @@
+let
+    kabbone = [ 
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo=";
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVQmOem6iMFx1whIpF66B8jv3iWhLYyBkgsl+Bm9LhBjsIrhOBUmkvIA8w0uojxO3XFNqeeyUfsqrAW2PrsNl6JXEDlRw9oaaCH3C0daCxr76peTGxKhXek+kfQIC0HIcqAif+TdmAC3Q6TK3R2/I4yTgt0XOVbkJpOHhbR6kjyTjx1CMEVmbKgduIpeznBDOlC+iotqbchBVQKmnqJt0HNbSFxL4G1bN9UQlr8wzaSf/ZBTPU/ARfES4nrNc4vmztZmsI7clk57JKHFcf19PiMgUWMxdfW5bhMmf/7ARgrk4hZPmWmBnRK1njmFICBuWfAbDx1wnRfDVtSOxiNmMuN3pLUmB9XQCAgvC3kreFs7yDYoYPFcVUA0+AV/hRvB6ISwbsZb9qZSwAVrbnwiMb3e8SJYUb9GKFWPEjNLVYPj66mYH4Hi9FB9q76OQ1kCZthov+pAgy2S4kv0PoqDcpVZxlHsULoXokS2r9yQ/xzQopobbbTkZq4lXv79UZlyrr5zcQ7c4/ojDRxNtFmYlD/dltWWy9ZwcoKioRCFd2CSPRGTx46VClrJ0yJpNX2boyh/Av/6nsucocasLzZ9EHkctvrZQMq3u2FwCQPQ37kdY/JPYpDYKnAJMx4VgLqycbkTBnGDUbHyfVCEEBklTy35JKd73Vm3df7NNk5qA4bQ==";
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo=";
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo=";
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo=";
+    ];
+  users = [ kabbone ];
+
+  dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
+  hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
+  nbf5 = "";
+  systems = [ 
+      hades
+      nbf5
+      dmz
+  ];
+  servers = [
+      dmz
+  ];
+in
+    {
+        "passwords/services/mail/mailjet.age".publicKeys = servers ++ users;
+    }